-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated COPY commands #4094
base: master
Are you sure you want to change the base?
Updated COPY commands #4094
Conversation
built in to improve build time
Dockerfile
Outdated
@@ -11,43 +11,37 @@ USER 0 | |||
COPY package.json yarn.lock lerna.json tsconfig.json .prettierrc ./ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we explore using 'copy --link' (https://docs.docker.com/engine/reference/builder/#copy---link) to see if we can make these copy layers more independent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll give this a look. Surprised I hadn't seen it before.
Dockerfile
Outdated
COPY --from=builder --chown= --chmod=0500 /src/apps/backend/node_modules apps/backend/node_modules | ||
COPY --from=builder --chown= --chmod=0500 /src/apps/backend/dist apps/backend/dist | ||
COPY --from=builder --chown= /src/dist/ dist/ | ||
COPY --from=builder --chown= --chmod=0500 /src/apps/backend/.sequelizerc /app/apps/backend/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do the copies start doing absolute paths for the copy instead of relative like we have been?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question - I didn't change that part of the line, but I don't have any rationale for keeping it that way. That could be changed for consistency.
It seems to me that this container should be running as either a heimdall user or a heimdallapp or nodeapp or something like that - and thus in the final build layer there should be commands making sure all the data on the image is owned by that user:
https://forums.docker.com/t/permissions-issue-with-compose-build-vs-docker-build/7775 |
That's why we have that 'node' user. They've basically done the work to properly create a different user account from root and we can do whatever we want with it now as opposed to having to manually create a 'heimdall' user. |
Making the call explicit for clarity Co-authored-by: Amndeep Singh Mann <amann@mitre.org>
Co-authored-by: Amndeep Singh Mann <amann@mitre.org>
Co-authored-by: Amndeep Singh Mann <amann@mitre.org>
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
This pull request has a conflict. Could you fix it @catorreMC? |
1 similar comment
This pull request has a conflict. Could you fix it @catorreMC? |
This pull request has a conflict. Could you fix it @catorreMC? |
1 similar comment
This pull request has a conflict. Could you fix it @catorreMC? |
Added the built-in chmod/chown flags to improve build time. Removed standalone chmod and chown RUN commands, and removed all chmod/chown operations from the builder container. Will and I elected to keep the chmod and chown commands in the app stage of the image because they serve as a precautionary measure, and removing them makes no positive or negative impact on performance or space, and do not impact the legibility of the file.
On my machine, this improved build time from 2604 seconds to 309 - an 88 percent decrease. Pending further testing on other machines, as mine appeared to run it dramatically slower than others.
Dockerfile.lite still needs to be updated accordingly.